5 matches found
public_disclosures
Public vulnerability disclosures Contains some of my vulnerab...
CVE-2026-2375
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...
CVE-2026-2375
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...
CVE-2026-2375
The CVE covers the App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress. Affected: plugin version range up to 5.5.10 on WordPress sites using WCFM Marketplace. Root cause: verify_role() in AuthTrails.php explicitly whitelists the wcfm_vendor role alongside subscriber ...
CVE-2026-2375
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...